interesting feature on AMIX..

[Frank J. Edwards]

In article <426 at hfsi.UUCP> emcphers at manu.cs.vt.edu (Frank McPherson) writes:
>
>If you restrict the mounting to floppies on a specific subtree, it's not
>that much of a security hole.  For example, you could write a small 
>program which would be called by a student which would mount a floppy
>disk residing in the internal disk drive to /sony, or something similar.
>That is, in fact, what is done at Virginia Tech.  What we've got down 
>there is a computer lab with four or five 3000UXD's which get used by
>many students.  In order to avoid filling up the drives on the UXD's,
>we (the students) have to bring in a floppy which we use as our own
>personal travelling file system.  It works out pretty well in the end.

You could have other problems "in the end!" ;-)

Suppose I make a floppy on my machine and put a copy of ksh on it.  Then
I make that ksh set-uid to root and mount it on your system.  I execute
that ksh and viola! I get the "#" prompt...

>- Frank McPherson     INTERNET: emcphers at manu.cs.vt.edu -

Actually, the solution presented by Steve Warren is much sturdier:  the
same script would search the inodes looking for set-uid programs.  If
any were found, the disk would not be mounted.

The "ncheck" command has an option, -s, which looks for set-uid files on
the given media.  It does not limit the output to any particular user ID,
however.

    ***  WARNING WILL ROBINSON  ***

    NOTE:  you can't mount the disk and run find!!  Once you mount it,
    the user could access his set-uid program before the find command located
    the problem.  Especially easy to do if you know that find looks through
    directory blocks sequentially...

Anyway, maybe I'll write a script for this, but don't hold your breath ;-)

Good luck.
-- 
Frank J. Edwards		|  "I did make up my own mind -- there
2677 Arjay Court		|   simply WASN'T ANY OTHER choice!"
Palm Harbor, FL  34684-4504	|		-- Me
Phone (813) 786-3675 (voice)	|    Only Amiga Makes It Possible...